From 96825e76efe27b962634dca9a02488bc10c0e3da Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Thu, 4 Dec 2014 01:20:00 +0200
Subject: [PATCH] Exclude SSLv3 support
---
 install/debian/nginx.conf | 7 ++++---
 install/rhel/nginx.conf | 7 ++++---
 install/ubuntu/nginx.conf | 7 ++++---
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/install/debian/nginx.conf b/install/debian/nginx.conf
index 91a43671a..79cf5ae7b 100644
--- a/install/debian/nginx.conf
+++ b/install/debian/nginx.conf
@@ -69,9 +69,10 @@ http {
 # SSL PCI Compliance
- ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
- ssl_session_cache shared:SSL:10m;
- ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
 # Error pages
diff --git a/install/rhel/nginx.conf b/install/rhel/nginx.conf
index 3897fa5da..61e34f57f 100644
--- a/install/rhel/nginx.conf
+++ b/install/rhel/nginx.conf
@@ -69,9 +69,10 @@ http {
 # SSL PCI Compliance
- ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
- ssl_session_cache shared:SSL:10m;
- ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
 # Error pages
diff --git a/install/ubuntu/nginx.conf b/install/ubuntu/nginx.conf
index 0852c60f9..4818be767 100644
--- a/install/ubuntu/nginx.conf
+++ b/install/ubuntu/nginx.conf
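Review bot: The new `ssl_ciphers` string lists `aNULL` without the leading `!` that the replaced line had (`!aNULL`), so it reads as a request to enable anonymous key-exchange suites, which provide no server authentication; the identical string is added in the debian, rhel and ubuntu hunks. Unless that is intended, the token should be negated in all three files: `... EDH+aRSA RC4 !aNULL !eNULL !LOW ...`. The string also keeps RC4 enabled in three places (`EECDH+aRSA+RC4`, `RC4`, `+RC4 RC4`); if legacy clients no longer need it, `!RC4` would be the safer choice under the "SSL PCI Compliance" heading. Running `openssl ciphers -v` on the final string shows which suites are actually selected.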
@@ -69,9 +69,10 @@ http {
 # SSL PCI Compliance
- ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
- ssl_session_cache shared:SSL:10m;
- ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
 # Error pages